We weren't the first to discover Brador. We actually had a difficult
time getting our hands on it. The author of WinCE4.Dust sent it to all antivirus
(AV) companies, including ours (Airscanner). However, Brador was written by a
different author, from Russia, who reportedly released it to only a select few
"big" AV companies. As a smaller company that focuses exclusively on
Windows Mobile antivirus software, we were left out in the cold.

The author, or perhaps his agent, was apparently selling copies of the client
to interested parties for $150. With the client, anyone could take total control
of a remote Pocket PC and steal passwords, empty bank accounts, or even
penetrate "secure" corporate networks. (To put it into perspective,
the Windows CE architecture is about as secure as a default Windows 95
installation was a decade ago.) However, no copy of the Trojan server itself
could be found. And we would never pay for a virus binary, as that would
contribute to a market incentive for malware creation, a definite conflict
of interest.

Fortunately, after mucking around in the underground for a while, we were
able to obtain a copy of the Trojan, and we immediately started to
reverse-engineer it. This article is our step-by-step investigation, not
only of the Trojan, but also of the author, who until this article was not
publicly known. We hope you will follow along to learn how to reverse-engineer
for yourself. In this article, we use mostly free software tools, with the
exception of IDA.